You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
304 lines
6.6 KiB
304 lines
6.6 KiB
From 26ab66d7c43c3ef60ab058d4c3da8989a5c1dd46 Mon Sep 17 00:00:00 2001 |
|
From: Kamal Heib <kheib@redhat.com> |
|
Date: Thu, 9 Nov 2017 04:44:32 -0500 |
|
Subject: [PATCH] pedit: Introduce ipv6 support |
|
|
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1456539 |
|
|
|
commit f3e1b2448a95baef587965b08f48d49b6e1ec2cb |
|
Author: Amir Vadai <amir@vadai.me> |
|
Date: Sun May 14 11:17:46 2017 +0300 |
|
|
|
pedit: Introduce ipv6 support |
|
|
|
Add support for modifying IPv6 headers using pedit. |
|
|
|
Signed-off-by: Amir Vadai <amir@vadai.me> |
|
|
|
Signed-off-by: Kamal Heib <kheib@redhat.com> |
|
--- |
|
man/man8/tc-pedit.8 | 30 ++++++++++++++++++ |
|
tc/Makefile | 1 + |
|
tc/m_pedit.c | 43 +++++++++++++++++++++++-- |
|
tc/p_ip.c | 17 +--------- |
|
tc/p_ip6.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++ |
|
5 files changed, 164 insertions(+), 18 deletions(-) |
|
create mode 100644 tc/p_ip6.c |
|
|
|
diff --git a/man/man8/tc-pedit.8 b/man/man8/tc-pedit.8 |
|
index 9c4d57b..82d4217 100644 |
|
--- a/man/man8/tc-pedit.8 |
|
+++ b/man/man8/tc-pedit.8 |
|
@@ -33,6 +33,8 @@ pedit - generic packet editor action |
|
| |
|
.BI ip " EX_IPHDR_FIELD" |
|
| |
|
+.BI ip6 " IP6HDR_FIELD" |
|
+| |
|
.BI tcp " TCPHDR_FIELD" |
|
| |
|
.BI udp " UDPHDR_FIELD" |
|
@@ -55,6 +57,12 @@ pedit - generic packet editor action |
|
.IR EX_IPHDR_FIELD " := { " |
|
.BR ttl " }" |
|
|
|
+ |
|
+.ti -8 |
|
+.IR IP6HDR_FIELD " := { " |
|
+.BR src " | " dst " | " flow_lbl " | " payload_len " | " nexthdr " |" |
|
+.BR hoplimit " }" |
|
+ |
|
.ti -8 |
|
.IR TCPHDR_FIELD " := { " |
|
.BR sport " | " dport " | " flags " }" |
|
@@ -211,6 +219,25 @@ are: |
|
.B ttl |
|
.RE |
|
.TP |
|
+.BI ip6 " IP6HDR_FIELD" |
|
+The supported keywords for |
|
+.I IP6HDR_FIELD |
|
+are: |
|
+.RS |
|
+.TP |
|
+.B src |
|
+.TQ |
|
+.B dst |
|
+.TQ |
|
+.B flow_lbl |
|
+.TQ |
|
+.B payload_len |
|
+.TQ |
|
+.B nexthdr |
|
+.TQ |
|
+.B hoplimit |
|
+.RE |
|
+.TP |
|
.BI tcp " TCPHDR_FIELD" |
|
The supported keywords for |
|
.I TCPHDR_FIELD |
|
@@ -331,6 +358,9 @@ tc filter add dev eth0 parent ffff: u32 \\ |
|
action pedit ex munge ip dst set 192.168.1.199 |
|
tc filter add dev eth0 parent ffff: u32 \\ |
|
match ip sport 22 0xffff \\ |
|
+ action pedit ex munge ip6 dst set fe80::dacb:8aff:fec7:320e |
|
+tc filter add dev eth0 parent ffff: u32 \\ |
|
+ match ip sport 22 0xffff \\ |
|
action pedit ex munge eth dst set 11:22:33:44:55:66 |
|
tc filter add dev eth0 parent ffff: u32 \\ |
|
match ip dport 23 0xffff \\ |
|
diff --git a/tc/Makefile b/tc/Makefile |
|
index 446a113..9a6bb1d 100644 |
|
--- a/tc/Makefile |
|
+++ b/tc/Makefile |
|
@@ -53,6 +53,7 @@ TCMODULES += m_bpf.o |
|
TCMODULES += m_tunnel_key.o |
|
TCMODULES += m_sample.o |
|
TCMODULES += p_ip.o |
|
+TCMODULES += p_ip6.o |
|
TCMODULES += p_icmp.o |
|
TCMODULES += p_eth.o |
|
TCMODULES += p_tcp.o |
|
diff --git a/tc/m_pedit.c b/tc/m_pedit.c |
|
index 9b74c96..dfa6b2c 100644 |
|
--- a/tc/m_pedit.c |
|
+++ b/tc/m_pedit.c |
|
@@ -257,6 +257,32 @@ static int pack_mac(struct m_pedit_sel *sel, struct m_pedit_key *tkey, |
|
return ret; |
|
} |
|
|
|
+static int pack_ipv6(struct m_pedit_sel *sel, struct m_pedit_key *tkey, |
|
+ __u32 *ipv6) |
|
+{ |
|
+ int ret = 0; |
|
+ int i; |
|
+ |
|
+ if (tkey->off & 0x3) { |
|
+ fprintf(stderr, |
|
+ "pack_ipv6: IPv6 offsets must begin in 32bit boundaries\n"); |
|
+ return -1; |
|
+ } |
|
+ |
|
+ for (i = 0; i < 4; i++) { |
|
+ tkey->mask = 0; |
|
+ tkey->val = ntohl(ipv6[i]); |
|
+ |
|
+ ret = pack_key32(~0, sel, tkey); |
|
+ if (ret) |
|
+ return ret; |
|
+ |
|
+ tkey->off += 4; |
|
+ } |
|
+ |
|
+ return 0; |
|
+} |
|
+ |
|
int parse_val(int *argc_p, char ***argv_p, __u32 *val, int type) |
|
{ |
|
int argc = *argc_p; |
|
@@ -281,8 +307,16 @@ int parse_val(int *argc_p, char ***argv_p, __u32 *val, int type) |
|
return 0; |
|
} |
|
|
|
- if (type == TIPV6) |
|
- return -1; /* not implemented yet */ |
|
+ if (type == TIPV6) { |
|
+ inet_prefix addr; |
|
+ |
|
+ if (get_prefix_1(&addr, *argv, AF_INET6)) |
|
+ return -1; |
|
+ |
|
+ memcpy(val, addr.data, addr.bytelen); |
|
+ |
|
+ return 0; |
|
+ } |
|
|
|
if (type == TMAC) { |
|
#define MAC_ALEN 6 |
|
@@ -364,6 +398,11 @@ int parse_cmd(int *argc_p, char ***argv_p, __u32 len, int type, __u32 retain, |
|
goto done; |
|
} |
|
|
|
+ if (type == TIPV6) { |
|
+ res = pack_ipv6(sel, tkey, val); |
|
+ goto done; |
|
+ } |
|
+ |
|
tkey->val = *v; |
|
tkey->mask = *m; |
|
|
|
diff --git a/tc/p_ip.c b/tc/p_ip.c |
|
index 22fe650..0272a6e 100644 |
|
--- a/tc/p_ip.c |
|
+++ b/tc/p_ip.c |
|
@@ -1,5 +1,5 @@ |
|
/* |
|
- * m_pedit.c packet editor: IPV4/6 header |
|
+ * p_ip.c packet editor: IPV4 header |
|
* |
|
* This program is free software; you can distribute it and/or |
|
* modify it under the terms of the GNU General Public License |
|
@@ -156,23 +156,8 @@ done: |
|
return res; |
|
} |
|
|
|
-static int |
|
-parse_ip6(int *argc_p, char ***argv_p, |
|
- struct m_pedit_sel *sel, struct m_pedit_key *tkey) |
|
-{ |
|
- int res = -1; |
|
- return res; |
|
-} |
|
- |
|
struct m_pedit_util p_pedit_ip = { |
|
NULL, |
|
"ip", |
|
parse_ip, |
|
}; |
|
- |
|
- |
|
-struct m_pedit_util p_pedit_ip6 = { |
|
- NULL, |
|
- "ip6", |
|
- parse_ip6, |
|
-}; |
|
diff --git a/tc/p_ip6.c b/tc/p_ip6.c |
|
new file mode 100644 |
|
index 0000000..a4824bd |
|
--- /dev/null |
|
+++ b/tc/p_ip6.c |
|
@@ -0,0 +1,91 @@ |
|
+/* |
|
+ * p_ip6.c packet editor: IPV6 header |
|
+ * |
|
+ * This program is free software; you can distribute it and/or |
|
+ * modify it under the terms of the GNU General Public License |
|
+ * as published by the Free Software Foundation; either version |
|
+ * 2 of the License, or (at your option) any later version. |
|
+ * |
|
+ * Authors: Amir Vadai <amir@vadai.me> |
|
+ * |
|
+ */ |
|
+ |
|
+#include <stdio.h> |
|
+#include <stdlib.h> |
|
+#include <unistd.h> |
|
+#include <syslog.h> |
|
+#include <fcntl.h> |
|
+#include <sys/socket.h> |
|
+#include <netinet/in.h> |
|
+#include <arpa/inet.h> |
|
+#include <string.h> |
|
+#include "utils.h" |
|
+#include "tc_util.h" |
|
+#include "m_pedit.h" |
|
+ |
|
+static int |
|
+parse_ip6(int *argc_p, char ***argv_p, |
|
+ struct m_pedit_sel *sel, struct m_pedit_key *tkey) |
|
+{ |
|
+ int res = -1; |
|
+ int argc = *argc_p; |
|
+ char **argv = *argv_p; |
|
+ |
|
+ if (argc < 2) |
|
+ return -1; |
|
+ |
|
+ if (!sel->extended) |
|
+ return -1; |
|
+ |
|
+ tkey->htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP6; |
|
+ |
|
+ if (strcmp(*argv, "src") == 0) { |
|
+ NEXT_ARG(); |
|
+ tkey->off = 8; |
|
+ res = parse_cmd(&argc, &argv, 16, TIPV6, RU32, sel, tkey); |
|
+ goto done; |
|
+ } |
|
+ if (strcmp(*argv, "dst") == 0) { |
|
+ NEXT_ARG(); |
|
+ tkey->off = 24; |
|
+ res = parse_cmd(&argc, &argv, 16, TIPV6, RU32, sel, tkey); |
|
+ goto done; |
|
+ } |
|
+ if (strcmp(*argv, "flow_lbl") == 0) { |
|
+ NEXT_ARG(); |
|
+ tkey->off = 0; |
|
+ res = parse_cmd(&argc, &argv, 4, TU32, 0x0007ffff, sel, tkey); |
|
+ goto done; |
|
+ } |
|
+ if (strcmp(*argv, "payload_len") == 0) { |
|
+ NEXT_ARG(); |
|
+ tkey->off = 4; |
|
+ res = parse_cmd(&argc, &argv, 2, TU32, RU16, sel, tkey); |
|
+ goto done; |
|
+ } |
|
+ if (strcmp(*argv, "nexthdr") == 0) { |
|
+ NEXT_ARG(); |
|
+ tkey->off = 6; |
|
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey); |
|
+ goto done; |
|
+ } |
|
+ if (strcmp(*argv, "hoplimit") == 0) { |
|
+ NEXT_ARG(); |
|
+ tkey->off = 7; |
|
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey); |
|
+ goto done; |
|
+ } |
|
+ |
|
+ return -1; |
|
+ |
|
+done: |
|
+ *argc_p = argc; |
|
+ *argv_p = argv; |
|
+ return res; |
|
+} |
|
+ |
|
+struct m_pedit_util p_pedit_ip6 = { |
|
+ NULL, |
|
+ "ipv6", |
|
+ parse_ip6, |
|
+}; |
|
-- |
|
1.8.3.1 |
|
|
|
|